Hakkımda

Mustafa TURAN, 20 yıldan uzun süredir Bilgi Teknolojileri alanında çalışmaktadır. Evli ve iki çocuk babasıdır. İlk, orta ve lise öğrenimini Kocaeli’de tamamlamış, üniversite öğrenimini Akdeniz Üniversitesi Elektronik bölümünde, yüksek lisans öğrenimini de Bahçeşehir Üniversitesi, Siber Güvenlik bölümünde tamamlamıştır. Ayrıca dünyada cereyan eden olaylara karşı merakını telkin etmek ve daha iyi anlamak için Uluslararası İlişkiler bölümü ile ikinci üniversite mezuniyetini gerçekleştirmiştir.

Mustafa, kendisini sevdiği konuda çalışan dünyadaki şanslı azınlık insan grubunda görmektedir, bu sebeple ilgilendiği konuda yeni şeyler öğrenmek heyecanını canlı tutmasına ve amatör ruhunu korumasına yardımcı olmaktadır. Bu sayede çalışam hayatına devam ederken, evli ve iki çocuk babası iken aynı zamanda Siber Güvenlik üzerine Yüksek Lisans yapabilmiştir. Bu süreçte kendisine destek olan iş arkadaşları ve ailesine müteşekkirdir. Onların desteği ve inancı sayesinde birçok zorluğu aşmıştır.

Türkiye’nin alanında öncü ve büyük kurumlarında çalışmış olan Mustafa, şu anda büyük bir finans kuruluşunda Bilgi Riski Yönetimi Başkanlığı altında iş hayatına devam etmektedir.

LinkedIn Profili : https://www.linkedin.com/in/mustafaturan7/

Twitter : https://twitter.com/mturan77

Kişisel Özgeçmişi

MUSTAFA TURAN

Author, MSc. Cyber Security, ISO 27001 LA, ISO 22301 LA, ITIL-F  

Istanbul / TURKEY

PROFESSIONAL EXPERIENCE

AKBANK T.A.S                                                                                                        İstanbul, TURKEY

Information Risk Management Office (IRMO), Information Risk Sr. Specialist    (09/2017-…………)

  • Assisting in finding pragmatic, cost effective solutions to identified security and risk issues
  • Working closely to align security and risk advice with other divisions within the bank, such as Security Architecture
  • Engaging in end-to-end risk remediation planning, resolution and monitoring activities, including Technology Continuity Management planning and testing activities
  • Developing and implementing IT security and risk management frameworks and policies
  • Developing and establish IT risk reporting against established enterprise risk metrics
  • Assessing technical designs, project plans, and proposed initiatives against corporate security principles; and work to ensure they are addressed with minimal business impact, and that risk is identified and documented.
  • Contributing to Information Security Training and Awareness activities
  • Planning and assisting annual external independent audit activities
  • Assessing and reviewing business contracts according to the information security and risk controls
  • Providing and supporting BIAs activities for Akbank and its affiliates

BIMSA International Business, Information and Management Systems A.Ş.    İstanbul, TURKEY

IT Governance, Risk and Compliance Sr. Specialist (09/2015-09/2017)

  • Handled any Compliance, Regulatory Requirements, Exception Handling & Audits.
  • Managed Integrated Management System in the organization that covers; ISO 27001, 22301, 20000, 31000 & PCI-DSS
  • Ensured to comply with international standards as ISO and PCI-DSS on the company’s production environment.
  • Assisted on Managing IT Security Compliance Assessment.
  • Conducted IT Risk Management by executing appropriate measures to manage and mitigate risks
  • Participated in the Data Privacy project within the company (KVKK).
  • Participated from IS perspective in BCM Development and testing plans for continuing the business in case of interruption or disaster.

MetLife Emeklilik ve Hayat A.Ş. (Turkey) (Reported Line: EMEA Region-Dubai)   İstanbul, TURKEY

IT Department / IT Infrastructure & Operations Supervisor (01/2012-09/2015)

  • Managed of Data Center and DR Center facilities
  • Protected IT Assets/Facilities with the industrial Physical and Environmental Security practices
  • Managed Cisco ASA and Juniper SSG firewalls in the 3 Tier Architecture design with IPS/IDS capabilities
  • Applied IT Systems & Network Hardening best practices align with the company security policy. Implement and monitor the security measures on the company
  • Generated Capex & Opex Budgets for the Infrastructure Department and to ensure that they are coherent with the actuals and that the financial targets are met for the department
  • Full responsibility over all IT Infrastructure, Operations & Projects and ensuring that all targets are met successfully
  • Provided Monthly Report to the board on all aspects of the IT Infrastructure Department
  • Conducted IT Security, Compliance and Audits (MITC, PCI-DSS, Deloitte, Internal IT Audits, etc.)
  • Collaborated and involve on Home Office and Regional based ‘international IT projects
  • Ensured Business Continuity and Disaster Recovery plans and solutions are in place and kept up-to-date
  • Conducted annual BCP and DR tests
  • Experienced in designing, implementing, managing and monitoring local or wide area technology environments.

IT Department / Senior System and Network Engineer (02/2012-01/2014)

  • Kept the systems and network uptime not below then 99%
  • Participated in the development of policies, procedures
  • Managed licenses for all operating system related software and end-user tools/applications
  • Prepared detailed network diagrams, documentations, records and keep them updated. Reports as needed
  • Performed to closing security gaps on the systems via Qualys Scan Reports, McAfee, Compliance requirements etc.
  • Managed 3 Tier Network architecture and create secure services via it
  • Managed firewalls (Cisco ASA, Juniper SSG) and practicing access-control with the least-privilege principle
  • Monitored and fed data to the IT Risk & Security Dashboard
  • Conducted continuous vulnerability & patch management, monitoring and reporting
  • Planed, coordinated, and implemented network security measures in order to protect data, software, and hardware.
  • Prepared and followed Infrastructure budget and review it monthly
  • Initiated Vendor Assessment process and follow-up findings

Colgate Palmolive – Baser Kimya İstanbul, TURKEY

IT Department / IT Supervisor (03/2006-02/2011)

  • Managed wide migration of MS Exchange from 5.5 to 2003, and MS Windows NT 4.0 to 2003 R2.
  • Implemented security and protection tools e.g. (Checkpoint FW, TrendMicro SMTP GW & Endpoint Antivirus)
  • System and network hardenings implemented with Group Policy and Cisco IOS best practices.
  • Conducted Vulnerability and Patch Management activities.
  • Created and performed disaster recovery practices and guidelines of critical platforms
  • Built and cemented relations with vendors, distributors, and clients
  • Built and managed IT budget in the company
  • Physical servers migrated to VMware virtualization system

IT Department / Network & IT Specialist (07/2004-03/2006)

  • Oversaw servers, workstations, user support and help desk support.
  • Managed and maintain Oracle and SQL Databases
  • Managed and maintained backup operations.
  • Implemented WAN redundancy and security practices for IT infrastructure.
  • Managed and implemented TrendMicro AV solutions for different layers.(SMTP GW, ScanMail, Endpoint Protection)
  • Managed IT inventory and licenses, ensure for the no-license gap in the company.
  • Managed site-2-site VPN connections for remote sites via Leased Lines and MPLS
  • Conducted Vulnerability and Patch Management activities.

Yapi Kredi Technology   İstanbul, TURKEY       

Administration of Operations Directorship / IT Change Specialist (05/2003 – 07/2004)

  • Change management was conducted within the Yapi Kredi and subsidiaries of all IT-based change, planning, organization and deployment processes.
  • Performed risk assessment for IT change requests.
  • Set up and managed weekly Change Advisory Board (CAB) meetings
  • Participated and documented Change Reviews and proactively manage any assigned actions
  • Ensured that Change Freeze Periods are applied and followed-up.
  • Deployments were made by related tools e.g. (MS SMS, Rational Rose, Telnet and Unix Scripts, etc.)
  • Yapi Kredi Bank, Yatirim, Teleweb, Teletel and YK Bankacilik Üssü IT environment were in the change scope

IT System Support Specialist  (10/1998 – 05/2003)

  • Created ISO 9001 documents for computer systems.
  • Supported the network consisting of desktops and servers.
  • Performed hardware and software maintenance and installation tasks.
  • Performed hardware maintenance and installation tasks in Yapi Kredi datacenter for servers.
  • Involved the IT End User and Data Center projects.
  • Ensured all incident tickets must be delivered in SLAs and OLAs time period.
  • Acts as a team member and help to create high performance team in the IT organization.

Magic Life Hotels Antalya, TURKEY

IT System Support Engineer (01/1997 – 01/1998)

  • Planned and built network for different branches
  • Applied installation of Windows and Novell server and clients.
  • Oversaw and supported servers, workstations, user trainings and support, including Novell problems.
  • Managed and maintained backup operations.

EDUCATION

2016–2018 (3.73/4) Bahcesehir University, Cyber Security (English) (M.Sc.) Istanbul, TURKEY

2011–2014 (3.03/4) Anadolu University, Int. Relations and Affairs (B.Sc.) Eskisehir, TURKEY

1994–1996 (7/10)    Akdeniz University, Industrial Electronics (Collage) Antalya, TURKEY

TRAININGS

CompTIA A+ / Komdatasoft                                     

MCSE 2003 / Network Academy                              

Linux Security Essentials / Gelecek                        

CCNA / BT Egitim                                                    

VMware vSphere: Inst, Conf, MngV4.1/B.Adam     

English as a Second Language/San Diego Uni/US 

Positive Feedback / MetLife Turkey                         

Project Management / Istanbul Institute                  

Effective Recruitment Techniques / MetLife             

PCI DSS Internal Security Assessor / BKM           

PPM – Project and Portfolio Management / MetLife 

CISSP / InfoSec                                                        

Process Development / Software AG                       

COBIT 5 Foundation / Career Academy                  

ITIL v.3 / 2011 Foundation / Bir618                        

ISO 27001 – Lead Auditor / TBD                                    

ISO 22301 – Lead Auditor / TTM & VeriCert          

The 7 Habits of Highly Effective People- FCovey   

Effective Communication Techniques – RNA           

Management of Risk-Knowledge Academy-London

LANGUAGE      English (Good)   (Studied English as a Second Language program in United States / San Diego University)

PROJECTS

Information Risk Management Program Implementation

ISO 20000 Service Management System Implementation and Certification

PCI-DSS Corporate Implementation

Merging Four Management Systems Under One Integrated Management System (ISO 27001, ISO 22301, ISO 31000 and ISO 20000 Management Systems)

Information Security Awareness Content Preparation and Act in Video

Security Awareness Questionnaire Prep. 100+ Questions

Third-Party and Vendor Security Requirements Lists

Vendor on-site Security and Risk Assessment

Preparing Corporate Information Security Policies

Annual Risk Assessment Plan

Department Workload and Capacity Plan

Personal Data Protection Law Implementation Project Member

Preparing Annual Information Security Trainings

Blockchain Projects Member for Information Risk and Security

Publishing a Book about Personal Data Protection Law in Turkey

(Book name : Ceza Almadan Tedbir Al)

Invited to the EU’s NIS Directive (Directive on security of network and information systems) Compliance Working Group by BTK.gov.tr

LECTURES of CYBER SECURITY MASTER of SCIENCE

Information Security

Risk Management

Network Security and Cryptography

Cyber Security

Cyber Security Law

Penetration Testing

Computer Forensics

Ethics